Attorney: Breach accessed 'personal information'

COEUR d'ALENE — Last week’s “data security incident” within the city of Coeur d’Alene involved “acquisition of personal information,” according to a letter to the Idaho Attorney General’s Office.

"Through the investigation, the City found that certain devices on its network were encrypted by malware,” attorney Matt Meade, of the firm Eckert Seamans Cherin and Mellott, wrote in the Feb. 14 letter. “On Tuesday, Feb. 13, 2024, the City discovered that this incident involved unauthorized acquisition of personal information, as defined by Idaho law.”

Idaho Code 28-51-105 requires an Idaho public agency to notify the Attorney General’s Office within 24 hours of discovering a breach of its security system.

The city of Coeur d'Alene shut down its computer network after malware was detected in its system Feb. 11. The city's website was offline, records were not accessible and phones were down for several days but are back up now. 

Meade wrote that the city will continue to investigate and "will be providing written notice to the identified impacted individuals, together with an offer of complimentary credit monitoring."

"The City is currently working with legal counsel and its digital forensics firm to contain and eradicate the malware, investigate the scope of the incident, restore operations, and mitigate any resulting harm," Meade wrote.

The city also notified federal law enforcement of the incident and is cooperating with the investigation, the letter said.

The city said Thursday it did not have any new information regarding the incident.